tiff 3.6.1-5ubuntu0.6 source package in Ubuntu
Changelog
tiff (3.6.1-5ubuntu0.6) hoary-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution with crafted TIFF files, found
by Tavis Ormandy of the Google Security Team.
* CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
tif_dirread.c
* CVE-2006-3460: A heap overflow vulnerability was discovered in the
jpeg decoder
* CVE-2006-3461: A heap overflow exists in the PixarLog decoder
* CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
overflow
* CVE-2006-3463: An infinite loop was discovered in
EstimateStripByteCounts()
* CVE-2006-3464: Multiple unchecked arithmetic operations were
uncovered, including a number of the range checking operations
deisgned to ensure the offsets specified in tiff directories are
legitimate.
* A number of codepaths were uncovered where assertions did not hold
true, resulting in the client application calling abort()
* CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
support
-- Martin Pitt <email address hidden> Wed, 2 Aug 2006 11:51:05 +0000
Upload details
- Uploaded by:
- Martin Pitt
- Uploaded to:
- Hoary
- Original maintainer:
- Jay Berkenbilt
- Architectures:
- any
- Section:
- libs
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tiff_3.6.1.orig.tar.gz | 828.9 KiB | ee7deab7d26c22d31e6f5eca8ce14db7f186989818d23d5d648829dfda634957 |
| tiff_3.6.1-5ubuntu0.6.diff.gz | 30.0 KiB | 06d80dc0e40acefd2b417ecb230570ff49b284bc538c473126ccddc1400c445c |
| tiff_3.6.1-5ubuntu0.6.dsc | 681 bytes | 7a87d4d9fc66f907a159fe2f54d19e44c947a53741a4d00cf605d1fffc87868c |
Binary packages built by this source
- libtiff-tools: No summary available for libtiff-tools in ubuntu hoary.
No description available for libtiff-tools in ubuntu hoary.
- libtiff4: No summary available for libtiff4 in ubuntu hoary.
No description available for libtiff4 in ubuntu hoary.
- libtiff4-dev: No summary available for libtiff4-dev in ubuntu hoary.
No description available for libtiff4-dev in ubuntu hoary.
